GDPR and the New Customer Service Balancing Act



Ask any customer service leader and they will tell you GDPR is coming.

Cue the horror movie music.

The General Data Protection Regulation, a European privacy and data protection measure, will go into effect in May, and companies around the world are scrambling to prepare for it. Adopted to strengthen data protection for individuals within countries in the European Union, GDPR is designed to give people more control over their personal data, protect data from loss, and unify regulatory privacy and data requirements across Europe. And it doesn't just affect EU companies. Anyone with a customer, employee, vendor, or partner in the EU is liable.

For customer service in particular, the regulation seems ominous. GDPR requires companies to get explicit consent for data collection. All identifiable personal information, regardless of where it is used, must be protected, and proof of protection must be verified. The regulation goes so far as to state that the protection of personal data is a fundamental right.

To many, this sounds like a poison pill for customer communication initiatives. After all, they live in a world where technology and systems are used to anticipate customers' needs before they realize they have them, and where spending is closely scrutinized. The question quickly becomes how to balance compliance with overall corporate objectives for customer experience and loyalty.

Here are four suggestions:

1. Ask for Less.

Trusted customer relationships are established over time. As technology, social media, and other tactics replace the traditional face-to-face relationship developed in a store, by a salesperson, or through a call center agent, it is important to determine the right moments within the customer journey to collect customer data, ask for permission to contact, and use that personal information correctly once collected.

Structuring the question from the customers' perspectives and at moments that matter improves the odds of receiving the required permoissions. The collection of self-reported customer data, such as their likes and dislikes, enables mutually beneficial communications over the lifespan of the customer relationship. Asking customers for their preferences is essential to maintaining permission. Identifying all potential customer data that will improve the customer relationship and breaking the collection up over time is an effective strategy. Resist the temptation to ask for as much as possible during the initial interactions. A good rule of thumb that aligns compliance with customer experience is to understand why you are asking for customer information in the first place. This simple exercise will assist in overall decision-making regarding the governance and logical right time to collect customer data.

2. Store in One Place.

Marketing and customer communications technologies have grown exponentially in the past five years. With the introduction of each new technology comes a separate ability to capture and store customer data—a potential compliance risk. This growth represents one of the greatest risks to running an effective and compliant infrastructure, one where data should be stored in a distributed and centralized manner. Only through a neutral, centralized, fully auditable system can organizations ensure their continued compliance. You need a system that is built with compliance from the start, not as a bolt-on afterthought.

GDPR firmly places the responsibility on the party collecting customer data to understand and disclose how that data will be used, how long it is needed, and to provide an easy way to respond to customer inquiries. Not only that, the regulation requires alleged violators to deliver proof of consent within days of the inquiry—an impossible challenge for companies without a system of record to maintain enterprisewide consent.

Disparate knowledge collected about customers across the enterprise is brought together to provide a more complete picture of the customer. This comprehensive picture of the customer leads to more effective and meaningful outreach while centralization stems the introduction of unapproved technology.

3. Use Judiciously.

Implementing a governance structure that includes all individuals responsible for managing and using customer data for outbound communications was nice to have in a pre-GDPR environment. With GDPR, it is a requirement. Governance forces an organizational view of all outbound communications to customer groups and encourages communication within the company about strategies, tactics, and overlaps. This can only be achieved through a combination of technology and oversight.

The fewer times your organization reaches out to customers, the more strategic those touches become. This enables a better understanding of customers and helps mitigate the greatest source of GDPR risk, customer complaints.

4. Anticipate Change.

Take advantage of built-in capabilities within systems to anticipate customer concerns around the use of data. Prepare for consent expiration, pay attention to customer engagement with outbound communications, and make sure you are closely tracking negative events, such as unsubscribes. GDPR specifically protects consumers' right to revoke consent. Any delay in compliance with such a request, or worse yet, continued communications from a separate business unit, will result in costly violations.

The proactive management of customer data is key to adhering to GDPR requirements and ensuring that customers receive an ideal experience. Anticipating customers might unsubscribe by paying attention to the number of times they open (or don't open) a certain correspondence and proactively offering a digest or decrease in frequency is an effective approach. Pausing all customer communications based on an event (visit to an unsubscribe page, completion of a purchase) is also an effective way to preserve the customer relationship and stem customer complaints.

Your organization should ensure that all departments have access to the latest and most up-to-date information about your customers. Enabling only the digital channels that are customer-facing, but keeping your customer care or front-line representatives in the dark regarding customer data and use of that data is a recipe for running afoul of GDPR guidelines.


Eric V. Holtzclaw is chief strategist at PossibleNOW and the author of   Laddering: Unlocking the Potential of Consumer Behavior.